Communications system frequently include a plurality of network nodes which are coupled to access nodes through which end nodes, e.g., mobile devices, are coupled to the network. Network nodes may be arranged in a hierarchy. Access Authentication and Authorization (AAA) servers are nodes which are normally placed relatively high in the network hierarchy. They normally provide information used for security and access control purposes. Access nodes frequently have a secure link with an AAA server in cases where such servers are used. The secure link may be through one or more node in the hierarchy.
Operators typically manage access sessions in IP networks using the RADIUS protocol and associated RADIUS AAA servers. In the future, AAA systems may be based on new protocols such as DIAMETER. In a system using a RADIUS AAA server, when a user attempts to gain access to an operator network, for the duration of an access session, the local Access Router normally issues one or more RADIUS Access-Requests to an Authentication Server to authenticate that user based on its identity such as a Network Access Identifier (NAI). The AAA database typically has stored the identities of those users allowed to access its system along with the services features they are able to invoke. When the user is successfully authenticated, its access port on the access device is configured with policy state commensurate with the user's service Authorization. The service authorization is normally delivered via RADIUS to the Access Router by the Authorization Server. Whilst authorized, service usage during an access session is recorded by the Access Router, and sent as accounting records to an Accounting Server using Accounting-Request messages in the RADIUS protocol. The Accounting Server may be part of the AAA server or it may be an independent server using the same protocol with the authorization server. If the user is connected to multiple Access Routers during a single session then the multiple sessions need to be aggregated in the Accounting Servers.
In addition to authorization and accounting issues, communications systems which support mobile devices need to include mechanisms for conveying location information so that a mobile device can change its point of attachment to the network and still have signals, e.g., IP packets, routed to it.
Mobile IP, (versions 4 and 6) also known as MIPv4 [MIPv4] and MIPv6 [MIPv6], enables a mobile node (MN) to register its temporary location indicated by a care-of-address (CoA) to its Home Agent (HA). The HA then keeps a mapping (also called a binding) between the MN's permanent address, otherwise called Home Address (HoA), and the registered CoA so that packets for that MN can be redirected to its current location using IP encapsulation techniques (tunneling). The CoA used by a MN can be an address that belongs to a Foreign Agent (FA) in an Access Router when MIPv4 is used or it can be a temporarily allocated address to the MN itself, from the Access Router prefix, in which case it is called a collocated care-of-address (CCoA). The latter model also applies to MIPv4 while it is the only mode of operation in MIPv6. Note that for the purpose of this document the terms CCoA and CoA as well as Registration and Binding Update (BU) are interchangeable since they are the corresponding terms for MIPv4 and MIPv6. The methods and apparatus of the invention are applicable to both MIPv4 and MIPv6 unless otherwise mentioned.
AAA systems are typically used with mobile IP to manage IP address allocations (HoAs), to dynamically allocate HAs, to distribute MN profiles to the Access Router and also to distribute security keys to authenticate MIP messages and to secure the air-link. The Mobile Node, an end node which is capable of changing its point of network attachment, typically sends a MIP message to gain access to the system, which triggers a AAA request to authenticate and authorize the Mobile Node. The AAA MN profile and security state is then passed from the AAA system to the Access Router to control services consumed by the MN.
MNs may change their point of network attachment, e.g., as they move from one cell to another cell. This involves changing the MNs point of attachment from a first access node, e.g., a first router, to a second access node, e.g., a second router. This processes is commonly known as a handoff. As part of a handoff the MN's CoA/CCoA needs to be updated and then transferred into the HA using MIP signaling so that packets are redirected to the MN via the new Access Router. As part of handoff process, it is necessary to transfer at least some of the first access router's state information corresponding to the MN involved in the handoff to the new access router so that the MN service is not interrupted. This process is known as State Transfer. State transfer may include, e.g., the transfer of AAA profile state information that Was previously delivered via RADIUS to the AR, at which the MN access session commenced. It also may include, e.g., the transfer of air-link security vectors, MN-NAI, MN IP Address, MN-EUI-64, remaining MIP Registration Lifetime, MN multicast group membership, admission control state, resource reservation state, diff-serv state, SIP session state, compressor state, MN scheduling history and/or many other potential items of MN specific AR state information.
In at least one known system, the transfer of state information during a handoff is accomplished by the new access node to which a mobile node is connecting sending a state transfer message through the communications network to the old access node to which the mobile node was connected. In response the old access node forwards state information to the new access node. This technique, while effective, has the disadvantage of requiring that a message be sent between the old and new access nodes to initiate the transfer of the state information. The links between access nodes used for the transmission of such messages may become congested or could be used to convey other information and/or signals if the need for messages between access nodes used to initiate the transfer of state information could be eliminated.
In view of the above discussion, it should be appreciated that there is a need for new methods of implementing the communication of state information to a new access node in the case of a mobile node handoff or in other cases where a mobile node enters a new cell. It should also be appreciated that, for the reasons discussed above, avoiding the use of messages between access nodes to trigger the transfer of state information during a handoff is desirable.